[Snort-sigs] formmail redux

Chris Green cmg at ...26...
Fri Jan 25 11:12:03 EST 2002


This message will set this alert off.  That said,

alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"OUTGOING SPAM formmail"; content:"formmail"; nocase;)

They've gone to probing way more than I can reasonably handle but they
always seem to be kind and include the url they are exploiting so they
can have a list of open relays waiting in their inbox.
-- 
Chris Green <cmg at ...26...>
To err is human, to moo bovine.
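
As an added example (not part of the original message and not Snort code), the Python sketch below mirrors the rule's case-insensitive "formmail" content match over constructed SMTP payloads and separates alerts that carry a formmail URL from ones that only mention the word, such as this list post. The function names, the triage labels and the sample payloads are assumptions made for illustration.

```python
import re

# Same test the rule applies: the bytes "formmail", any case, anywhere in the payload.
RULE_CONTENT = re.compile(rb"formmail", re.IGNORECASE)
# Hypothetical triage helper (not a Snort feature): pull URLs out of the payload.
URL_RE = re.compile(rb"https?://[^\s\"'<>]+", re.IGNORECASE)

def rule_matches(payload: bytes) -> bool:
    """True when the rule's content/nocase match would fire on this payload."""
    return RULE_CONTENT.search(payload) is not None

def formmail_urls(payload: bytes) -> list:
    """URLs whose path (not just hostname) mentions formmail, de-duplicated."""
    urls = []
    for m in URL_RE.finditer(payload):
        url = m.group(0).rstrip(b".,;)").decode("ascii", "replace")
        path = url.split("://", 1)[1].partition("/")[2]
        if "formmail" in path.lower() and url not in urls:
            urls.append(url)
    return urls

def triage(payload: bytes):
    """Classify a payload sent to port 25 the way an analyst reviewing alerts might."""
    if not rule_matches(payload):
        return ("no-alert", [])
    urls = formmail_urls(payload)
    return ("alert-with-url", urls) if urls else ("alert-mention-only", [])

# Constructed sample payloads (assumption: each is one reassembled, unencoded buffer).
SAMPLES = {
    "relayed": b"DATA\r\nSubject: test\r\n\r\n"
               b"http://www.example.com/cgi-bin/FormMail.pl\r\n.\r\n",
    "list_post": b"DATA\r\nSubject: [Snort-sigs] formmail redux\r\n\r\n"
                 b"This message will set this alert off.\r\n.\r\n",
    "ordinary": b"DATA\r\nSubject: lunch\r\n\r\nNoon works.\r\n.\r\n",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(name, triage(payload))
```

The URLs returned for "alert-with-url" point at the script that needs to be fixed or removed; "alert-mention-only" is the false-positive case the message describes.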



